A. Technical Field
The present invention relates to digital circuits and, more particularly, to systems, devices, and methods of protecting data by using reconfigurable digital logic circuit paths.
B. Background of the Invention
Numerous methods to encrypt, obfuscate, and hide information have been employed in the software domain for a long time. One invention, titled “System and Method for Enhancing Confidentiality using Logic Gate Encryption,” by common authors suggests encryption of logic gates in the hardware domain as a means to protect a circuit from reverse engineering and theft of valuable IP or information by making it extremely difficult for potential intruders to identify operational logic functions for the purpose of discovering critical keying material. However, encryption of logic gates alone does not prevent a determined attacker from discovering confidential data that is processed by the concealed circuit.
In many cases, a secure circuit implements a standard, non-proprietary algorithm, such as a common AES encryption. Unlike the data and the critical keying material processed by the algorithm, the encryption algorithm itself is neither secret nor worthy of protection. Side channel attacks represent one category of intruder attacks frequently employed to uncover secret information, such as encryption keys, passwords, and other cryptographic data.
In a differential side channel attack, the attacker may perform hundreds if not thousands of calls to a function that the attacker attempts to break by performing statistical analysis on characteristic properties, such as electromagnetic emissions emanating from the circuit under investigation (e.g., characteristic emissions caused by transitions in current), power consumption, and timing information of signals. By doing so, the intruder takes advantage of the fact that these properties are closely associated with and reflect the physical implementation of the encryption engine and the operations performed on the data processed by the particular encryption algorithm. Different instructions, for example, will have different power consumption profiles, such that after monitoring the circuit under investigation, collecting sufficient data, and filtering out noise by statistical means, details of the system behavior can be inferred from the obtained data and the secret information can be reconstructed, thereby rendering the system vulnerable and compromising the security of the entire system.
In detail, the implementation of the algorithm into a secure system causes current to flow through a given logic circuit from which knowledge about the circuit and the data processed by logic circuitry is inadvertently revealed to the surroundings of the circuit. For example, in a point-of-sale terminal, a circuit comprising five AND gates and five OR gates has a fixed location and allows the data and current associated with that data to travel through gates that have permanent locations, which makes logic operations within the circuit prone to being probed for the purpose of tracing and extracting information regarding the abovementioned circuit properties and the circuit design.
There exist several approaches aimed at protecting a circuit by increasing the level of difficulty of carrying out this type of non-intrusive attack and preventing the leakage of “readable” information from the logic circuit to a potential observer. One such approach to improve security relies on modifying the encryption algorithm and performing operations on both the actual bits of a secret key as well as the inverse thereof.
Another approach, shown in FIG. 1, employs a plurality of small, internal capacitors that electrically decouple and, thus, isolate an external power supply from the to-be-protected circuit in order to frustrate monitoring activities on the power lines. The circuit in FIG. 1 is implemented on a smart card 10 and includes capacitors 3 and 4 that can be embedded within the smart card substrate. In operation, switch 8 alternately switches between capacitors 3 and 4 such that, at any given time, one of the two capacitors is charged by the external power supply, while the other capacitor delivers power to smart card 10. This, in effect, causes the power supply to be decoupled from the circuit, making it more difficult to directly observe the power consumption of the circuit from which the adversary wishes to deduce information. However, this approach does not prevent the motivated attacker from examining the signals radiated by the decoupling capacitors 3, 4, or employing more sophisticated means such as infrared emission analysis to obtain the sought-after information indirectly.
Another type of attack on a circuit is fault injection. Using this method, the adversary, in preparation for an attack, manipulates a circuit that normally undergoes random operations in such a manner as to force the circuit to deviate from its regular cryptographic operations and switch into a less random mode. For example, by purposefully raising the voltage applied to the circuit the attacker may trigger a certain circuit response that, in effect, reduces the randomness of operations and allows control of the circuit behavior, thereby making it easier to successfully carry out the attack.
However, it remains fundamental to the success of a differential side-channel attack that the same sequence of algorithmically determined logic operations is repeated many times over, so as to give the attacker an opportunity to apply the statistical analysis necessary to discover the relationship between the collected data and the inner workings of the circuit under investigation.
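The dependence on repetition described above can be checked with a known-key leakage assessment, given here as an added example that is not part of the original disclosure and does not model its circuit. It assumes a constructed Hamming-weight leakage model with Gaussian noise, a made-up key 0x5A, and 16 time slots per trace; all function names are hypothetical.

```python
import math
import random

def hamming_weight(x):
    return bin(x).count("1")

def pearson(xs, ys):
    # Plain Pearson correlation coefficient between two equal-length lists.
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)

def capture(n_traces, n_slots, randomize, rng, key=0x5A, noise_sd=2.0):
    # Constructed traces: every slot holds the noisy leakage of a dummy
    # operation; one slot is overwritten with the sensitive operation.
    inputs, traces = [], []
    for _ in range(n_traces):
        data = rng.randrange(256)
        trace = [hamming_weight(rng.randrange(256)) + rng.gauss(0, noise_sd)
                 for _ in range(n_slots)]
        # Fixed schedule: always slot 0. Randomized: a different slot per call.
        slot = rng.randrange(n_slots) if randomize else 0
        trace[slot] = hamming_weight(data ^ key) + rng.gauss(0, noise_sd)
        inputs.append(data)
        traces.append(trace)
    return inputs, traces

def peak_leakage(inputs, traces, key=0x5A):
    # Evaluator's view (key known): strongest correlation between the
    # predicted leakage and any single time slot across all traces.
    model = [hamming_weight(d ^ key) for d in inputs]
    return max(abs(pearson(model, [t[i] for t in traces]))
               for i in range(len(traces[0])))

def compare(n_traces=2000, n_slots=16, seed=1):
    rng = random.Random(seed)
    fixed = peak_leakage(*capture(n_traces, n_slots, False, rng))
    moved = peak_leakage(*capture(n_traces, n_slots, True, rng))
    return fixed, moved

if __name__ == "__main__":
    fixed, moved = compare()
    print(f"fixed schedule: {fixed:.2f}  randomized schedule: {moved:.2f}")
```

The residual correlation under the randomized schedule is small but not zero, so in this model randomization raises the number of traces an analysis needs rather than removing the leak.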
What is needed are tools for designers of secure systems to overcome the above-described limitations.